@[email protected] If users use a browser that does not help them protect their privacy, it's a personal, or market, or regulation failure.
This is victim blaming.
We are not talking about a browser that "does not help people protect their #privacy", but a protocol designed by #Google (that produces #Chrome) and open-washed by their geek-friendly PR dept, #Mozilla (that produces #Firefox), with the goal to track people even when they disable or delete #cookies.
The technical concern is not new to #QUIC: even #TLS 1.2 had resumption options with similar properties...
Yet the innovation here is exactly 0-RTT, which hooks a user identifier on the first IP packet.
Sure, #TorBrowser has done the right thing since 2019, and so does #LibreWolf, disabling security.tls.enable_0rtt_data in about:config.
But why has such an obvious low-level tracking tool been allowed in an Internet standard aimed at consumer usage?
I agree with you, it's not for lack of awareness if mainstream browsers support this "feature".
But it should be up to IETF not to let such a user-hostile feature enter a protocol standard.
They let it pass instead.
It was not because of lack of engineering awareness.
Like many other formally independent institutions, #IETF was subject to regulatory capture by #BigTech.
The few independent engineers (like you) are there to preserve the public illusion of independence, so that #Surveillance can leverage the public trust.
A sort of #EthicsWashing or #OpenWashing at protocol design level.